[libvirt] [Qemu-devel] Configuring pflash devices for OVMF firmware
Paolo Bonzini
pbonzini at redhat.com
Wed Jan 30 14:33:58 UTC 2019
On 30/01/19 15:13, Markus Armbruster wrote:
> -global driver=cfi.pflash01,property=secure,value=on
>
> Affects *all* such devices, but fortunately we have at most two, and the
> one we don't want to affect happens to ignore the property value.
Is this true? I think both need secure=on, at least on x86.
> For libvirt, plumbing the base address from the firmware's descriptor to
> QEMU would be the lesser mess (for the firmware, providing the base
> address there would be no mess at all).
>
> For human users, it's perhaps the greater mess. They can continue to
> use -drive if=pflash.
>
> Perhaps we *should* redo board configuration from the ground up.
> Perhaps a board should be a composite object that exposes properties of
> its own and its part, just like other composite devices, and so that
> "create, set properties, realize" works. That would extend our common
> device configuration mechanism naturally to onboard devices.
>
> Of course, "we should" doesn't imply "I could".
Maybe we should just add pflash block properties to the machine? And
then it can create the devices if the properties are set to a non-empty
value.
This doesn't remove the need to use -global to configure the "secure"
property, but it's not particularly an issue.
Paolo
More information about the libvir-list
mailing list